
*Note: You will need to temporarily disable antispyware protection to run this tool because of the methods used to detect certain rootkits.

Thanks

I'll have an order of massive trojan attack please with a side order of rootkit and virus dip. Pre-course order of fresh spyware salad please with a side order of polymorphic dressing. And to drink... a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware

Double-click SmitfraudFix.exe

Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).

Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

***Note: "process.exe" is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. It is safe to allow this file.

Please do not use Option 2 unless told! This tool targets specific threats and the fix portion should not be run unless needed.

Thanks


It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.

The cleaning can take a while, so please be patient.

Then click the Show report button and copy and paste what's present under results in your next reply.

Thanks


Unzip it. Disconnect from internet & shut down Antivirus to prevent conflicts. Shut down also any other unneeded apps including any open browser windows. The less stuff we got running the less chance of false positives in log. Double click gmer.exe to run it. Allow driver to install if asked (gmer.sys). You may see a warning at program start that there is possible rootkit activity, asking if you want to run a scan.


I was under the impression that you still had the DNS changer issue after running F-Secure scan.

GMER looks normal. Most of the DNS Changer variants use rootkit tactics to hide and it would have shown up in the log. The items in your log are a normal part of your security programs and your Synaptics touchpad driver.

Confirm with me please that everything is OK?

If everything is running OK now you can delete the following:

Uninstall Gmer: Go to your c:\Windows folder, locate gmer_uninstall.cmd and run it. A "DOS" window will pop up and tell you to "press any key to continue"; just press Enter. This uninstalls Gmer files and service. You can delete Gmer_uninstall.cmd and Gmer.ini after done as well as gmer.exe/zip you downloaded.

Delete SmitFraudFix.exe and its associated folder.

Delete rootchk.exe

Delete your old version of Hijackthis_v2.exe

You should create a folder for Hijackthis.exe and move Hijackthis.exe to it. It creates backups of anything being fixed with it and all are best kept in its own folder.

Looks like you are using the pro version of ZA, correct? The pro version has an inbuilt AV (uses Kaspersky engine). If you plan on keeping the pro version of ZA, I recommend uninstalling AVG so there are no conflicts between the 2 AV programs. Having 2 antivirus programs will not increase security.

If you want to keep AVG running then disable the AV component of ZA. IMO though ZA's AV is better than AVG. Kaspersky AV has a much higher detection rate.

------------------------

After a few reboots and checking to see that all is well; it is highly recommended to reset your system restore to remove any possible backed up infected files there.

Go back and turn system restore back on by removing the check, hit apply, and OK.

A new restore point is created at this time. You will not be able to restore computer to any earlier than today.

--------------------------------------

Couple other apps to consider to increase security:

Spywareblaster <-- this prog blocks known bad ActiveX controls, many tracking cookies and puts more sites in restricted zone. Install > update > enable all protection. Updates are about once a month and it is free.

Using a hosts file will greatly increase security. Many of those flashy annoying ads on websites will not display and it blocks access to thousands of sites entirely.
